Stormy Skies

By

The research jeopardized by the Dedoose crash should serve as a warning to colleges and universities as they consider moving sensitive information to the cloud, technology consultants say.

Dedoose is an alternative to qualitative data analysis software such as ATLAS.ti, Nvivo and MAXQDA, which date back to the 1980s. Offered as software-as-a-service, Dedoose can be accessed anywhere without first having to be installed, and users can subscribe to it on a monthly basis rather than pay for a software license. But for all its benefits, cloud computing comes with its own concerns.

Last Tuesday’s crash could hardly have come at a worse time. Dedoose, like any self-respecting cloud service, regularly backs up its system. In case of a crash, the affected data can then be restored from that backup copy. But when a part of Dedoose’s hosting platform, Microsoft Azure, failed Tuesday afternoon, the startup was in the middle of encrypting and backing up its data. The result: a corrupted storage system.

President and CEO Eli Lieber, associate research psychologist at the University of California at Los Angeles, said in a blog post last week that the company had “high confidence that data added to Dedoose up to mid-April will be recovered and restored.” In an update posted on Sunday, the data had been “pieced back together, however it remains encrypted and corrupted.”

Most of users’ data was unaffected by the crash, but the data added during the two or three weeks leading up to it appears to have been lost. Lieber said the company was “not optimistic” that it could be recovered. He did not respond to a request for comment.

“This highlights once again that whether you’re an individual, research group or institution, wherever you store your data, you have to anticipate the possibility of a crash or a security issue,” said Kenneth C. Green, founding director of the Campus Computing Project and a blogger for Inside Higher Ed. “At the end of the day, back up and restore your own data and be responsible for it -- wherever you store it.”

When Dedoose, which launched in 2006, experienced an outage in March 2013, the startup announced it would move to Microsoft Azure to “allow for greater reliability, performance and future scalability.” It has also teased an offline version of its service -- which presumably would allow users to store their data on their computers -- since 2012.

But there are limits to what a small startup can do. Dedoose’s LinkedIn profile describes it as having no more than 10 employees, and the official website’s “About Us” page only lists five team members: Lieber, a co-founder, a chief technology officer, a consultant and a customer experience manager.

After last week’s crash, Lieber also promised a “tour de force on protection” to prevent future mishaps. Storing backups in multiple locations and conducting more frequent restoration exercises are among the new security measures.

Julie Meloni, a technology consultant who has led architecture and design processes of cloud-based software for several companies and organizations, said she was not impressed by that response.

“There's no reason in this day and age, even if you're bootstrapping, that losing more than a day's worth of data is O.K.,” Meloni said in an email. She added that she would consider it “unconscionable” if the startup didn’t already have in place some of the security measures it now proposes.

“If I were a user actively working on my research, and I knew that tidbit of information, that would be absolutely unacceptable,” Meloni wrote. “But how many of their users knew that? I bet not many -- either because they don't think about it or they assume that everything is safe, secure, and always recoverable. Which leads me to the point that the first thing any company should do, but especially a small company or a startup aiming to gain traction for their product, ... is to be as transparent as possible about how a user's data is stored, backed up, and how they can get at it.”

Lauren Nicoll, a Ph.D. student in sociology at Northeastern University, said she had her research project open when Dedoose’s services crashed. As she attempted to assign a code to an interview quote, the screen flashed an error message. She closed the browser, logged back in, and then saw the project had vanished.

Nicoll, along with many other frustrated researchers, took to social media to vent. “ALL of my dissertation interviews that I have coded are GONE,” she tweeted on Saturday. “Thanks, @Dedoose THIS is why the cloud is not to be trusted... .”

In an interview, Nicoll said she lost about 20 hours of work. She may have been one of the luckier users. One Ph.D. student said he was days away from submitting his dissertation. Others reportedly lost weeks’ worth of coding.

“It’s become so commonplace now -- my email’s in Gmail, and I use Google Drive, and I always do have copies in multiple places,” Nicoll said about cloud computing. “Particularly with qualitative software like this, it’s confidential information, so they provide extra assurances that your data is confidential and protected. But in reality, when it’s in a system like this when it’s not physically on your computer, you really don’t know.”